Security measures (#330)

Co-authored-by: Cønstantine Kovalensky <45331093+kovalensky@users.noreply.github.com>
Roman Kelesidis 2023-11-14 20:50:10 +07:00 committed by GitHub
parent 8e67737e92
commit b720e6670e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 2 additions and 2 deletions


@ -2811,7 +2811,7 @@ function hash_search ($hash)
$hash = htmlCHR(trim($hash)); $hash = htmlCHR(trim($hash));
if (!isset($hash) || mb_strlen($hash, 'UTF-8') != 40) if (!isset($hash) || mb_strlen($hash, 'UTF-8') != 40 || !ctype_xdigit($hash))
{ {
bb_die(sprintf($lang['HASH_INVALID'], $hash)); bb_die(sprintf($lang['HASH_INVALID'], $hash));
} }
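Review bot: The added `ctype_xdigit($hash)` test runs on the value after `htmlCHR(trim($hash))`, so the length and hex checks are applied to the escaped form rather than to what the client sent. Validate the raw trimmed string first and escape only where it is printed, e.g. `$hash = trim((string) $hash);` with `bb_die(sprintf($lang['HASH_INVALID'], htmlCHR($hash)));` in the failure branch. Also, `!isset($hash)` cannot be true after the assignment on the line above (assuming htmlCHR returns a string) and can be dropped. The body of hash_search continues outside the hunk, so how `$hash` reaches the lookup is not visible here; it should still be bound or escaped for SQL at that point rather than relying on this check alone.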


@ -33,7 +33,7 @@ $confirmed = ( isset($_POST['confirm']) ) ? TRUE : 0;
$delete = ( isset($_POST['delete']) ) ? TRUE : 0; $delete = ( isset($_POST['delete']) ) ? TRUE : 0;
$delete_all = ( isset($_POST['deleteall']) ) ? TRUE : 0; $delete_all = ( isset($_POST['deleteall']) ) ? TRUE : 0;
$save = ( isset($_POST['save']) ) ? TRUE : 0; $save = ( isset($_POST['save']) ) ? TRUE : 0;
$mode = isset($_REQUEST['mode']) ? (string) $_REQUEST['mode'] : ''; $mode = isset($_REQUEST['mode']) ? htmlCHR($_REQUEST['mode']) : '';
$refresh = $preview || $submit_search; $refresh = $preview || $submit_search;
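Review bot: Dropping the `(string)` cast on the changed `$mode` line means a request that supplies `mode` as an array now reaches `htmlCHR()` uncast; unless that helper handles non-strings, this is likely a TypeError or warning on PHP 8 rather than an empty mode. Keep a type guard, e.g. `$mode = (isset($_REQUEST['mode']) && is_string($_REQUEST['mode'])) ? htmlCHR($_REQUEST['mode']) : '';`. If `$mode` is only compared against a fixed set of values further down (not visible in this hunk), an allow-list check would be a stronger control than HTML-escaping at input, with escaping left to the point of output.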